﻿<!--#include file="../inc/common.asp" -->
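<%
    ' Authorization gate: only callers whose rights object reports canManage
    ' may use this page. userRightObj and message() are defined outside this
    ' file (it pulls in ../inc/common.asp above).
    if not userRightObj.canManage then
        message("您没有设置权限")
        ' Stop explicitly so none of the permission-editing code below can run
        ' for an unauthorized caller, whether or not message() ends the
        ' response on its own.
        response.end
    end if
    call OpenDB
%>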
<HTML><HEAD><TITLE><%=blogObj.blogTitle%>—控制面板—用户权限</TITLE>

<link rel="stylesheet" href="<%=cssFile%>" type="text/css" />

<style type="text/css">
td{
    font-size:10pt;
}
</style>
<body bgcolor="#c1c1c1" leftmargin="0" topmargin="0" style="font-size:10pt">
<div style="width:760px;height:100%;">

<div style="float:left;width: 160px; padding-top:20px">
<!--#include file="menu.asp" -->
</div>

<div style="background:#ffffff; width:580px; height:100%;float:left;padding:20px 10px 10px 10px">
<%
    dim group_id, count, i
    dim tmpUserObj
    
    group_id = trim(request("group_id"))
    if group_id="" then
%>
<p>“<%=blogObj.blogTitle%>”所有者“<%=blogObj.blogOwnerName%>”（id=<%=blogObj.blogOwnerId%>）拥有所有权限，无需加入任何组</p>
<p>请选择要编辑的用户组：</p>
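<%
      ' List this blog's stored user groups as edit links and work out the id
      ' that the "new group" link should offer.
      ' NOTE(review): blogObj.blogId is concatenated into the statement; it is
      ' assumed to be a validated number set by the shared include - confirm.
      dim nextGroupId
      sql = " select group_id,group_name from blog_user_group where blog_id=" & blogObj.blogId & " order by group_id"
      rs.open sql, conn, 1, 1
      ' Ids 1-5 are reserved for the built-in groups. Start from 5 so the new
      ' id is always above the reserved range, even when only some built-in
      ' rows have been stored (previously the link could point at a reserved
      ' id such as 2 or 3).
      nextGroupId = 5
      do until rs.eof
        group_id=rs("group_id")
        if group_id > nextGroupId then
          nextGroupId = group_id
        end if
%>
<p>&nbsp;&nbsp;<a href="user.asp?blog_id=<%=blogObj.blogId%>&group_id=<%=group_id%>"><%=rs("group_name")%></a></p>
<%
        rs.moveNext()
      loop
      ' Release the recordset here, as the edit branch of this page does.
      rs.close()
      nextGroupId = nextGroupId + 1
%>
<p>或者<a href="user.asp?blog_id=<%=blogObj.blogId%>&group_id=<%=nextGroupId%>">新增用户组</a></p>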
<%      
    else
      ' group_id arrives as request text; clng() turns it into a Long (and
      ' raises a runtime error for non-numeric input), so only a number is
      ' ever concatenated into the statements that follow.
      group_id = clng(group_id)
      dim group_name,group_desc,can_read,can_reply,can_post,can_delete,can_read_secret,can_manage
      sql = " select blog_id,group_id,group_name,group_desc,can_read,can_reply,can_post,can_delete,can_read_secret,can_manage from blog_user_group where blog_id=" & blogObj.blogId & " and group_id=" & group_id
      ' Cursor type 1 (keyset) with lock type 3 (optimistic): the recordset is
      ' opened updatable.
      rs.open sql, conn, 1, 3
      if not (rs.bof or rs.eof) then
        ' A stored definition exists: take every field from the row.
        can_manage = rs("can_manage")
        can_read_secret = rs("can_read_secret")
        can_delete = rs("can_delete")
        can_post = rs("can_post")
        can_reply = rs("can_reply")
        can_read = rs("can_read")
        group_desc = rs("group_desc")
        group_name = rs("group_name")
      else
        ' No stored definition: fall back to the built-in defaults for the
        ' reserved ids 1-5. Any other id leaves the variables unassigned.
        select case group_id
          case 1
            ' Administrators: every right.
            group_name = "管理员"
            group_desc = "管理员"
            can_read = true
            can_reply = true
            can_post = true
            can_read_secret = true
            can_delete = true
            can_manage = true
          case 2
            ' Friends: everything except delete and manage.
            group_name =  "好友"
            group_desc = "好友"
            can_read = true
            can_reply = true
            can_post = true
            can_read_secret = true
            can_delete = false
            can_manage = false
          case 3
            ' Registered users: read and reply only.
            group_name = "注册网友"
            group_desc = "注册网友"
            can_read = true
            can_reply = true
            can_post = false
            can_read_secret = false
            can_delete = false
            can_manage = false
          case 4
            ' Anonymous visitors: read and reply only.
            group_name = "匿名网友"
            group_desc = "匿名网友"
            can_read = true
            can_reply = true
            can_post = false
            can_read_secret = false
            can_delete = false
            can_manage = false
          case 5
            ' Blacklist: no rights at all.
            group_name = "黑名单"
            group_desc = "黑名单"
            can_read = false
            can_reply = false
            can_post = false
            can_read_secret = false
            can_delete = false
            can_manage = false
        end select
      end if
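      ' Handle the submitted action, if any, for the group loaded above.
      ' actionType carries the caption of the pressed submit button (save or
      ' delete) or the literal "deleteUser" from the member table's link.
      ' NOTE(review): request() reads the query string as well as the form
      ' body, and no anti-CSRF token is checked in this block - confirm whether
      ' the shared includes enforce one, since every branch changes permissions.
      dim new_users, users,user_id, msg
      dim rs2, rs3, rs4
      dim usrRight
      dim alreadyMember
      if request("actionType")=" 删除 " then
        ' The form only renders the delete button for custom groups (id > 5),
        ' but that is a client-side rule; enforce it here as well. Also skip
        ' the delete when no row was found, where rs.delete() would raise.
        if group_id>5 and not (rs.bof or rs.eof) then
          rs.delete()
          ' Remove the group's memberships too. The group list offers the
          ' highest stored id + 1 for a new group, so a deleted id can be
          ' handed out again; leftover rows would silently make the old
          ' members part of the new group.
          conn.execute(" delete from blog_users where blog_id=" & blogObj.blogId & " and user_group=" & group_id)
          ' Drop cached rights so the removal takes effect immediately.
          Set usrRight = new UserRightClass
          call removeManyFromCache(usrRight.CACHE_PREFIX)
          Set usrRight = nothing
        end if
        call closeDB()
        response.redirect("user.asp?blog_id="&blogObj.blogId)
        response.end
      elseif request("actionType")=" 保存修改 " then
          ' No stored row yet: create one keyed by blog and group.
          if rs.bof or rs.eof then
            rs.addNew()
            rs("blog_id")=blogObj.blogId
            rs("group_id")=group_id
          end if
          ' filterHTML / filterHTML2 are project helpers defined elsewhere.
          group_name = filterHTML(request("group_name"))
          group_desc = filterHTML2(request("group_desc"),true)
          if group_desc=""  then
            group_desc = group_name
          end if
          ' An unticked checkbox is not submitted at all, so any value other
          ' than the literal "true" is stored as false.
          can_read = (request("can_read")="true")
          can_reply = (request("can_reply")="true")
          can_post = (request("can_post")="true")
          can_delete = (request("can_delete")="true")
          can_read_secret = (request("can_read_secret")="true")
          can_manage = (request("can_manage")="true")
          rs("group_name")=group_name
          rs("group_desc")=group_desc
          rs("can_read")=can_read
          rs("can_reply")=can_reply
          rs("can_post")=can_post
          rs("can_delete")=can_delete
          rs("can_read_secret")=can_read_secret
          rs("can_manage")=can_manage
          rs.update()

          ' Add the user names listed in new_users (one per line) to the group.
          msg = ""
          count=0
          new_users = trim(request("new_users"))
          if   new_users<>"" then
              users = split(new_users,chr(13)&chr(10))

              set rs4 = server.createObject("ADODB.Recordset")
              sql = " select blog_id, user_group, user_id from blog_users where blog_Id=" & blogObj.blogId & " and user_group=" & group_id
              rs4.open sql, conn, 1, 3

              for i = 0 to ubound(users)
                user_id = ""
                if trim(users(i))<>"" then
                    ' NOTE(review): UserClass.load receives the raw submitted
                    ' line; it is defined elsewhere - confirm it handles
                    ' untrusted text safely in its own query.
                    set tmpUserObj = new UserClass
                    tmpUserObj.load(users(i))
                    if not tmpUserObj.isFound then
                        ' The submitted text is echoed into the page below,
                        ' so encode it before it reaches the HTML.
                        msg = msg & " 用户"&server.HTMLEncode(users(i))&"未注册 "
                    end if
                    user_id = tmpUserObj.userId
                    if not isNull(user_id) and user_id<>"" then
                        ' Find searches forward from the current row, so
                        ' rewind first; otherwise members stored before the
                        ' cursor are missed and get inserted a second time.
                        ' An empty recordset has no current row to search.
                        alreadyMember = false
                        if not (rs4.bof and rs4.eof) then
                            rs4.moveFirst
                            rs4.find "user_id="&user_id
                            alreadyMember = not rs4.eof
                        end if
                        if not alreadyMember then
                            rs4.addNew()
                            rs4("blog_id")=blogObj.blogId
                            rs4("user_group")=group_id
                            rs4("user_id")=user_id
                            rs4.update()
                            count = count+1
                        else
                            msg = msg & " 用户"&server.HTMLEncode(users(i))&"已经属于该组 "
                        end if
                    end if
                    set tmpUserObj = nothing
                end if
              next
              rs4.close()
              set rs4 = nothing
          end if

          ' Invalidate cached rights so the new settings apply immediately.
          Set usrRight = new UserRightClass
          call removeManyFromCache(usrRight.CACHE_PREFIX)
          Set usrRight = nothing

          response.write("<b>保存成功！</b><br> ")
          if msg<>"" then
            response.write "<font color=red>"&msg&"</font>"
          end if
      elseif request("actionType")="deleteUser" then
        ' clng() keeps the user id numeric before it is concatenated.
        sql = " delete from blog_users where blog_id=" & blogObj.blogId & " and user_group=" & group_id & " and user_id=" & clng(request("user_id"))
        conn.execute(sql)
        ' A removed member must lose the group's rights right away, so the
        ' cached rights are dropped here as they are after a save.
        Set usrRight = new UserRightClass
        call removeManyFromCache(usrRight.CACHE_PREFIX)
        Set usrRight = nothing
      end if
      rs.close()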
%>
<form name=form1 action=user.asp method=post>
<input type=hidden name=blog_id value="<%=blogObj.blogId%>">
<input type=hidden name=group_id value="<%=group_id%>">
<%
%>
<p>用户组：<input type=text name=group_name size=60 value="<%=group_name%>" <% if group_id<=5 then response.write("readOnly") end if  %> ></p>
<p>组描述：<textarea name=group_desc cols=59 rows=3 ><%=group_desc%></textarea> </p>
<p>权限设置：
    <input type=checkbox name=can_read value="true" <% if can_read then response.write("checked") end if %> >浏览 
    <input type=checkbox name=can_reply value="true" <% if can_reply then response.write("checked") end if %> >回复 
    <input type=checkbox name=can_post value="true" <% if can_post then response.write("checked") end if %> >发表 
    <input type=checkbox name=can_read_secret value="true" <% if can_read_secret then response.write("checked") end if %> title="如隐藏文章和悄悄话">阅读隐藏内容 
    <input type=checkbox name=can_delete value="true" <% if can_delete then response.write("checked") end if %> >删除 
    <input type=checkbox name=can_manage value="true" <% if can_manage then response.write("checked") end if %> title="进入控制面板进行设置">设置 
</p>
<%
  if group_id<>3 and group_id<>4 then
%>
<p>当前用户：<br>
  <table border=1 bordercolorlight="#cccccc" bordercolordark="#FFFFFF" cellspacing=0 width=72% align=center>
    <tr>
      <td nowrap>ID</td><td nowrap>用户名</td><td nowrap>昵称</td><td nowrap>操作</td>
    </tr>
<%
         ' Render one table row per member of this group: id, user name,
         ' aliases and a remove link.
         ' NOTE(review): userName and the aliases are written as UserClass
         ' returns them - confirm they are already HTML-encoded. The remove
         ' link is a plain GET carrying actionType=deleteUser.
         sql = " select a.user_id from blog_users a where a.blog_Id=" & blogObj.blogId & " and a.user_group=" & group_id
         rs.open  sql, conn, 1, 1
         do until rs.eof
            set tmpUserObj = new UserClass
            tmpUserObj.loadById(rs("user_id"))
%>
    <tr>
      <td nowrap><%=tmpUserObj.userId%></td><td nowrap><a href="../user.asp?user_id=<%=tmpUserObj.userId%>" target="_blank"><%=tmpUserObj.userName%></a></td>
      <td >
<%
                ' count is the upper bound of the aliases array (0 when there
                ' is no array); entries 0 .. count-1 are printed, separated
                ' by ", ".
                count = 0
                if isArray(tmpUserObj.aliases) then count = ubound(tmpUserObj.aliases)
                for i = 0 to count - 1
                    if i > 0 then response.write(", ")
                    response.write(tmpUserObj.aliases(i))
                next
%>      &nbsp;
      </td>
      <td nowrap><a href="user.asp?blog_id=<%=blogObj.blogId%>&group_id=<%=group_id%>&actionType=deleteUser&user_id=<%=tmpUserObj.userId%>">删除</a></td>
    </tr>
<%
            set tmpUserObj = nothing
            rs.moveNext()
         loop
         rs.close()
%>
  </table>  
</p>
<p>新增用户：（输入已注册的用户名, 每个用户名用回车分开）<br>
<div style="padding-left:60px">
<textarea name="new_users" rows=5 cols=20 >
</textarea>
</div>
</p>
<%
  end if
%>
<p align=center><input type=submit name=actionType value=" 保存修改 ">
<%
      if  group_id>5 and group_name<>"" then 
%>
<input type=submit name=actionType value=" 删除 " onclick="return confirm('确定删除<%=group_name%>组吗？')">
<% 
      end if
%>
<input type=button  value=" 返回 " onclick="document.location.href='user.asp?blog_id=<%=blogObj.blogId%>'">
</p>
</form>

<%

    end if


%>
</div>

</div>
</body>    
</html>    
<!--#include file="../inc/end.asp" -->
